1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
22 ***************************************************************************/
26 #ifndef CURL_DISABLE_LDAP
27 /* -- WIN32 approved -- */
33 #include <sys/types.h>
52 #include <curl/curl.h>
61 #define _MPRINTF_REPLACE /* use our functions only */
62 #include <curl/mprintf.h>
66 /* WLdap32.dll functions are *not* stdcall. Must call these via __cdecl
67 * pointers in case libcurl was compiled as fastcall (-Gr).
69 #if !defined(WIN32) && !defined(__cdecl)
73 #ifndef LDAP_SIZELIMIT_EXCEEDED
74 #define LDAP_SIZELIMIT_EXCEEDED 4
77 #define DLOPEN_MODE RTLD_LAZY /*! assume all dlopen() implementations have
80 #if defined(RTLD_LAZY_GLOBAL) /* It turns out some systems use this: */
82 # define DLOPEN_MODE RTLD_LAZY_GLOBAL
83 #elif defined(RTLD_GLOBAL)
85 # define DLOPEN_MODE (RTLD_LAZY | RTLD_GLOBAL)
88 #define DYNA_GET_FUNCTION(type, fnc) do { \
89 (fnc) = (type)DynaGetFunction(#fnc); \
91 return CURLE_FUNCTION_NOT_FOUND; \
94 /*! CygWin etc. configure could set these, but we don't want it.
95 * Must use WLdap32.dll code.
102 typedef void * (*dynafunc)(void *input);
104 /***********************************************************************
106 static void *libldap = NULL;
108 static void *liblber = NULL;
111 static int DynaOpen(const char **mod_name)
113 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
114 if (libldap == NULL) {
116 * libldap.so should be able to resolve its dependency on
117 * liblber.so automatically, but since it does not we will
118 * handle it here by opening liblber.so as global.
120 *mod_name = "liblber.so";
121 liblber = dlopen(*mod_name, DLOPEN_MODE);
123 /* Assume loading libldap.so will fail if loading of liblber.so failed
126 *mod_name = "libldap.so";
127 libldap = dlopen(*mod_name, RTLD_LAZY);
130 return (libldap != NULL && liblber != NULL);
133 *mod_name = "wldap32.dll";
135 libldap = (void*)LoadLibrary(*mod_name);
136 return (libldap != NULL);
143 static void DynaClose(void)
145 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
156 FreeLibrary ((HMODULE)libldap);
162 static dynafunc DynaGetFunction(const char *name)
164 dynafunc func = (dynafunc)NULL;
166 #if defined(HAVE_DLOPEN) || defined(HAVE_LIBDL)
168 /* This typecast magic below was brought by Joe Halpin. In ISO C, you
169 * cannot typecast a data pointer to a function pointer, but that's
170 * exactly what we need to do here to avoid compiler warnings on picky
172 *(void**) (&func) = dlsym(libldap, name);
176 func = (dynafunc)GetProcAddress((HINSTANCE)libldap, name);
182 /***********************************************************************
184 typedef struct ldap_url_desc {
185 struct ldap_url_desc *lud_next;
198 static int _ldap_url_parse (const struct connectdata *conn,
200 static void _ldap_free_urldesc (LDAPURLDesc *ludp);
202 static void (*ldap_free_urldesc)(LDAPURLDesc *) = _ldap_free_urldesc;
206 #define LDAP_TRACE(x) do { \
207 _ldap_trace ("%u: ", __LINE__); \
211 static void _ldap_trace (const char *fmt, ...);
213 #define LDAP_TRACE(x) ((void)0)
217 CURLcode Curl_ldap(struct connectdata *conn)
219 CURLcode status = CURLE_OK;
222 int (*ldap_url_parse)(char *, LDAPURLDesc **);
223 void (*ldap_free_urldesc)(void *);
225 void *(__cdecl *ldap_init)(char *, int);
226 int (__cdecl *ldap_simple_bind_s)(void *, char *, char *);
227 int (__cdecl *ldap_unbind_s)(void *);
228 int (__cdecl *ldap_search_s)(void *, char *, int, char *, char **,
230 void *(__cdecl *ldap_first_entry)(void *, void *);
231 void *(__cdecl *ldap_next_entry)(void *, void *);
232 char *(__cdecl *ldap_err2string)(int);
233 char *(__cdecl *ldap_get_dn)(void *, void *);
234 char *(__cdecl *ldap_first_attribute)(void *, void *, void **);
235 char *(__cdecl *ldap_next_attribute)(void *, void *, void *);
236 char **(__cdecl *ldap_get_values)(void *, void *, const char *);
237 void (__cdecl *ldap_value_free)(char **);
238 void (__cdecl *ldap_memfree)(void *);
239 void (__cdecl *ber_free)(void *, int);
242 LDAPURLDesc *ludp = NULL;
243 const char *mod_name;
245 void *entryIterator; /*! type should be 'LDAPMessage *' */
247 struct SessionHandle *data=conn->data;
249 infof(data, "LDAP local: %s\n", data->change.url);
251 if (!DynaOpen(&mod_name)) {
252 failf(data, "The %s LDAP library/libraries couldn't be opened", mod_name);
253 return CURLE_LIBRARY_NOT_FOUND;
256 /* The types are needed because ANSI C distinguishes between
257 * pointer-to-object (data) and pointer-to-function.
259 DYNA_GET_FUNCTION(void *(*)(char *, int), ldap_init);
260 DYNA_GET_FUNCTION(int (*)(void *, char *, char *), ldap_simple_bind_s);
261 DYNA_GET_FUNCTION(int (*)(void *), ldap_unbind_s);
263 DYNA_GET_FUNCTION(int (*)(char *, LDAPURLDesc **), ldap_url_parse);
264 DYNA_GET_FUNCTION(void (*)(void *), ldap_free_urldesc);
266 DYNA_GET_FUNCTION(int (*)(void *, char *, int, char *, char **, int,
267 void **), ldap_search_s);
268 DYNA_GET_FUNCTION(void *(*)(void *, void *), ldap_first_entry);
269 DYNA_GET_FUNCTION(void *(*)(void *, void *), ldap_next_entry);
270 DYNA_GET_FUNCTION(char *(*)(int), ldap_err2string);
271 DYNA_GET_FUNCTION(char *(*)(void *, void *), ldap_get_dn);
272 DYNA_GET_FUNCTION(char *(*)(void *, void *, void **), ldap_first_attribute);
273 DYNA_GET_FUNCTION(char *(*)(void *, void *, void *), ldap_next_attribute);
274 DYNA_GET_FUNCTION(char **(*)(void *, void *, const char *), ldap_get_values);
275 DYNA_GET_FUNCTION(void (*)(char **), ldap_value_free);
276 DYNA_GET_FUNCTION(void (*)(void *), ldap_memfree);
277 DYNA_GET_FUNCTION(void (*)(void *, int), ber_free);
279 server = (*ldap_init)(conn->host.name, (int)conn->port);
280 if (server == NULL) {
281 failf(data, "LDAP local: Cannot connect to %s:%d",
282 conn->host.name, conn->port);
283 status = CURLE_COULDNT_CONNECT;
287 rc = (*ldap_simple_bind_s)(server,
288 conn->bits.user_passwd ? conn->user : NULL,
289 conn->bits.user_passwd ? conn->passwd : NULL);
291 failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
292 status = CURLE_LDAP_CANNOT_BIND;
297 rc = _ldap_url_parse(conn, &ludp);
299 rc = (*ldap_url_parse)(data->change.url, &ludp);
303 failf(data, "LDAP local: %s", (*ldap_err2string)(rc));
304 status = CURLE_LDAP_INVALID_URL;
308 rc = (*ldap_search_s)(server, ludp->lud_dn, ludp->lud_scope,
309 ludp->lud_filter, ludp->lud_attrs, 0, &result);
311 if (rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
312 failf(data, "LDAP remote: %s", (*ldap_err2string)(rc));
313 status = CURLE_LDAP_SEARCH_FAILED;
317 for(num = 0, entryIterator = (*ldap_first_entry)(server, result);
319 entryIterator = (*ldap_next_entry)(server, entryIterator), num++)
321 void *ber = NULL; /*! is really 'BerElement **' */
322 void *attribute; /*! suspicious that this isn't 'const' */
323 char *dn = (*ldap_get_dn)(server, entryIterator);
326 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"DN: ", 4);
327 Curl_client_write(data, CLIENTWRITE_BODY, (char *)dn, 0);
328 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
330 for (attribute = (*ldap_first_attribute)(server, entryIterator, &ber);
332 attribute = (*ldap_next_attribute)(server, entryIterator, ber))
334 char **vals = (*ldap_get_values)(server, entryIterator, attribute);
338 for (i = 0; (vals[i] != NULL); i++)
340 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\t", 1);
341 Curl_client_write(data, CLIENTWRITE_BODY, (char*) attribute, 0);
342 Curl_client_write(data, CLIENTWRITE_BODY, (char *)": ", 2);
343 Curl_client_write(data, CLIENTWRITE_BODY, vals[i], 0);
344 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 0);
347 /* Free memory used to store values */
348 (*ldap_value_free)(vals);
350 Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1);
352 (*ldap_memfree)(attribute);
360 LDAP_TRACE (("Received %d entries\n", num));
361 if (rc == LDAP_SIZELIMIT_EXCEEDED)
362 infof(data, "There are more than %d entries\n", num);
364 (*ldap_free_urldesc)(ludp);
366 (*ldap_unbind_s)(server);
370 /* no data to transfer */
371 Curl_Transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
377 static void _ldap_trace (const char *fmt, ...)
379 static int do_trace = -1;
382 if (do_trace == -1) {
383 const char *env = getenv("CURL_TRACE");
384 do_trace = (env && atoi(env) > 0);
389 va_start (args, fmt);
390 vfprintf (stderr, fmt, args);
397 * Return scope-value for a scope-string.
399 static int str2scope (const char *p)
401 if (!stricmp(p, "one"))
402 return LDAP_SCOPE_ONELEVEL;
403 if (!stricmp(p, "onetree"))
404 return LDAP_SCOPE_ONELEVEL;
405 if (!stricmp(p, "base"))
406 return LDAP_SCOPE_BASE;
407 if (!stricmp(p, "sub"))
408 return LDAP_SCOPE_SUBTREE;
409 if (!stricmp( p, "subtree"))
410 return LDAP_SCOPE_SUBTREE;
415 * Split 'str' into strings separated by commas.
416 * Note: res[] points into 'str'.
418 static char **split_str (char *str)
420 char **res, *lasts, *s;
423 for (i = 2, s = strchr(str,','); s; i++)
426 res = calloc(i, sizeof(char*));
430 for (i = 0, s = strtok_r(str, ",", &lasts); s;
431 s = strtok_r(NULL, ",", &lasts), i++)
437 * Unescape the LDAP-URL components
439 static bool unescape_elements (LDAPURLDesc *ludp)
443 if (ludp->lud_filter) {
444 ludp->lud_filter = curl_unescape(ludp->lud_filter, 0);
445 if (!ludp->lud_filter)
449 for (i = 0; ludp->lud_attrs && ludp->lud_attrs[i]; i++) {
450 ludp->lud_attrs[i] = curl_unescape(ludp->lud_attrs[i], 0);
451 if (!ludp->lud_attrs[i])
455 for (i = 0; ludp->lud_exts && ludp->lud_exts[i]; i++) {
456 ludp->lud_exts[i] = curl_unescape(ludp->lud_exts[i], 0);
457 if (!ludp->lud_exts[i])
462 char *dn = ludp->lud_dn;
463 char *new_dn = curl_unescape(dn, 0);
468 ludp->lud_dn = new_dn;
474 * Break apart the pieces of an LDAP URL.
476 * ldap://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>?<ext>
478 * <hostname> already known from 'conn->host.name'.
479 * <port> already known from 'conn->remote_port'.
480 * extract the rest from 'conn->path+1'. All fields are optional. e.g.
481 * ldap://<hostname>:<port>/?<attributes>?<scope>?<filter> yields ludp->lud_dn = "".
483 * Ref. http://developer.netscape.com/docs/manuals/dirsdk/csdk30/url.htm#2831915
485 static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
490 if (!conn->path || conn->path[0] != '/' ||
491 !checkprefix(conn->protostr, conn->data->change.url))
492 return LDAP_INVALID_SYNTAX;
494 ludp->lud_scope = LDAP_SCOPE_BASE;
495 ludp->lud_port = conn->remote_port;
496 ludp->lud_host = conn->host.name;
498 /* parse DN (Distinguished Name).
500 ludp->lud_dn = strdup(conn->path+1);
502 return LDAP_NO_MEMORY;
504 p = strchr(ludp->lud_dn, '?');
505 LDAP_TRACE (("DN '%.*s'\n", p ? (size_t)(p-ludp->lud_dn) : strlen(ludp->lud_dn),
513 /* parse attributes. skip "??".
519 if (*p && *p != '?') {
520 ludp->lud_attrs = split_str(p);
521 if (!ludp->lud_attrs)
522 return LDAP_NO_MEMORY;
524 for (i = 0; ludp->lud_attrs[i]; i++)
525 LDAP_TRACE (("attr[%d] '%s'\n", i, ludp->lud_attrs[i]));
532 /* parse scope. skip "??"
538 if (*p && *p != '?') {
539 ludp->lud_scope = str2scope(p);
540 if (ludp->lud_scope == -1)
541 return LDAP_INVALID_SYNTAX;
542 LDAP_TRACE (("scope %d\n", ludp->lud_scope));
555 return LDAP_INVALID_SYNTAX;
557 ludp->lud_filter = p;
558 LDAP_TRACE (("filter '%s'\n", ludp->lud_filter));
566 ludp->lud_exts = split_str(p);
568 return LDAP_NO_MEMORY;
570 for (i = 0; ludp->lud_exts[i]; i++)
571 LDAP_TRACE (("exts[%d] '%s'\n", i, ludp->lud_exts[i]));
574 if (!unescape_elements(ludp))
575 return LDAP_NO_MEMORY;
579 static int _ldap_url_parse (const struct connectdata *conn,
582 LDAPURLDesc *ludp = calloc(sizeof(*ludp), 1);
587 return LDAP_NO_MEMORY;
589 rc = _ldap_url_parse2 (conn, ludp);
590 if (rc != LDAP_SUCCESS) {
591 _ldap_free_urldesc(ludp);
598 static void _ldap_free_urldesc (LDAPURLDesc *ludp)
608 if (ludp->lud_filter)
609 free(ludp->lud_filter);
611 if (ludp->lud_attrs) {
612 for (i = 0; ludp->lud_attrs[i]; i++)
613 free(ludp->lud_attrs[i]);
614 free(ludp->lud_attrs);
617 if (ludp->lud_exts) {
618 for (i = 0; ludp->lud_exts[i]; i++)
619 free(ludp->lud_exts[i]);
620 free(ludp->lud_exts);
625 #endif /* CURL_DISABLE_LDAP */